
Re: Kerberos+LDAP and pam_filter

On Saturday, 6 October, Roberto C. Sánchez hammered the following into the keys:


> Today I just finished switching one of my sites from LDAP-only to
> Kerberos+LDAP.

> One thing that I liked about LDAP and pam_ldap was that I could use
> something like "pam_filter |(host=somehost)(host=\*)" on each host,
> along with "host=somehost" or "host=*" in each user's LDAP entry.  This
> allowed me to restrict who could log in to each host.

> Now that I have switched to using pam_krb53 and am only using LDAP for
> the location of the home directories and the uid/gid, it doesn't appear
> that the pam_filter line in libnss-ldap.conf is working.  I also had the

What exactly have you put into /etc/libnss-ldap.conf?
I'm using some filters at work which work as expected.

> same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap
> entries from /etc/pam.d/*.

> Does anyone know how I might be able to restore that behavior?

Try something like this:
nss_base_passwd ou=People,<My BASE DN>?one?domain=foo

	Follow the white penguin.
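
Added example (not part of the original message, and not code from nss_ldap or pam_ldap): a small Python evaluator for the host filter quoted above, run over constructed entries, showing which users each host would see and why the backslash before the asterisk matters. It assumes "\*" denotes a literal asterisk value, as the "host=*" user entries in the quoted message imply, and wraps the filter in parentheses for parsing; ENTRIES and all function names are made up for illustration.

```python
import re

# Constructed sample entries (uid -> attributes); not taken from the thread.
ENTRIES = {
    "alice": {"host": ["web01"]},
    "bob":   {"host": ["*"]},      # literal asterisk value: allowed on every host
    "carol": {"host": ["db01"]},
    "dave":  {},                   # no host attribute at all
}

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if f[i] in "&|":
        op, kids, i = f[i], [], i + 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, kids), i + 1
    end = i
    while f[end] != ")":
        end += 2 if f[end] == "\\" else 1   # step over an escaped character
    attr, _, raw = f[i:end].partition("=")
    return ("=", attr.lower(), raw), end + 1

def matches(node, entry):
    """Evaluate a parsed filter on one entry (and/or, equality, presence only)."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(k, entry) for k in node[1])
    _, attr, raw = node
    values = entry.get(attr, [])
    if raw == "*":                          # unescaped "*" is a presence test
        return bool(values)
    literal = re.sub(r"\\(.)", r"\1", raw)  # "\*" -> "*" (assumed literal match)
    return any(v.lower() == literal.lower() for v in values)

def select(filter_text, entries=ENTRIES):
    """Return the sorted uids whose entries match filter_text."""
    tree, _ = parse(filter_text)
    return sorted(uid for uid, e in entries.items() if matches(tree, e))

def visible_users(hostname, entries=ENTRIES):
    """Apply the per-host filter from the quoted message for one hostname."""
    return select(f"(|(host={hostname})(host=\\*))", entries)
```

With these entries, visible_users("web01") selects alice and bob only; writing the second term as an unescaped host=* turns it into a presence test, so carol is selected on web01 as well.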
